From c02ec1f645e4e1e16ac7ebb029e8b2a3d0082ab5 Mon Sep 17 00:00:00 2001
From: Aleksandr Khromykh
Date: Mon, 7 Jul 2025 14:12:11 +0200
Subject: [PATCH] bluetooth: mesh: remove persisted psa key if mesh does not own it Commit adds destruction of the persisted in PSA ITS key if mesh does not own it (zero bit in the bitmap of persisted keys). This is not standard mesh behavior, but might happen if something happens between removing key data in mesh and in the crypto library (for example power off in bettwen). Previously, mesh wasn't able to import key with gotten stuck key id. The current fix reproduces more robust behavior.
Signed-off-by: Aleksandr Khromykh
---
 subsys/bluetooth/mesh/crypto_psa.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/subsys/bluetooth/mesh/crypto_psa.c b/subsys/bluetooth/mesh/crypto_psa.c
index 8d95ed912ec..dcefb18565c 100644
--- a/subsys/bluetooth/mesh/crypto_psa.c
+++ b/subsys/bluetooth/mesh/crypto_psa.c
@@ -452,9 +452,14 @@ int bt_mesh_key_import(enum bt_mesh_key_type type, const uint8_t in[16], struct
 psa_set_key_bits(&key_attributes, 128);
 status = psa_import_key(&key_attributes, in, 16, &out->key);
- err = status == PSA_SUCCESS ? 0 :
- status == PSA_ERROR_ALREADY_EXISTS ? -EALREADY : -EIO;
+ if (status == PSA_ERROR_ALREADY_EXISTS) {
+ LOG_WRN("Key with ID 0x%4x already exists (desync between mesh and PSA ITS)",
+ key_id);
+ (void)psa_destroy_key(key_id);
+ status = psa_import_key(&key_attributes, in, 16, &out->key);
+ }
+ err = status == PSA_SUCCESS ? 0 : -EIO;
 if (err && key_id != PSA_KEY_ID_NULL) {
 keyid_free(key_id);
 }
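Review bot: The result of `psa_destroy_key(key_id)` in the new `PSA_ERROR_ALREADY_EXISTS` branch is discarded, so a failed destroy cannot be told apart from a failed re-import; both end as `-EIO` with only the warning logged. Because this path erases persistent key material that the mesh bitmap does not account for, I would keep the status and retry only on success: `status = psa_destroy_key(key_id);` then `if (status == PSA_SUCCESS) { status = psa_import_key(&key_attributes, in, 16, &out->key); }`. The ID allocation is outside this hunk, so a comment should state that `key_id` comes from a range reserved for mesh; that is presumably the case but worth confirming, since otherwise a key belonging to another owner could be destroyed. The format `0x%4x` pads with spaces, and `0x%04x` is probably what was meant. `-EALREADY` is no longer returned, so any caller that tested for it should be checked; `bt_mesh_key_import` starts and ends outside the hunk.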